2251afac458d9c549086c685a6631d9e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2251afac458d9c549086c685a6631d9e_JaffaCakes118
Size

128KB
MD5

2251afac458d9c549086c685a6631d9e
SHA1

d735aad53a3c06f1e2b02b5635a3244d6050babe
SHA256

ca30f7b977de43bcd65da3eaf4b534c785baa41cc2bacc15ef3668361c789be4
SHA512

f01327f2654c1987f0d69ffcba87563ff44a48bad55546a8fd5ab9cc5db5f1f1c62b0cf8f0a7943eb42aa62bd226ab25ef5745af5f27ed995bfd1a0d8a5edc3d
SSDEEP

3072:gfNPBd3Pl+ovt+eA+4TwDMkU1dxhvDPy8BQee9+:8PLdml+FDMvdxheXeu+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2251afac458d9c549086c685a6631d9e_JaffaCakes118

Files

2251afac458d9c549086c685a6631d9e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e67f4a44924e37e60a440c1d10fa2563

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Atyb\Nawibyl\Pasiza\Huku\Fiq\Ekajebo\Nygaz.pdb

Imports

kernel32

QueryPerformanceCounter
GetWindowsDirectoryA
GetSystemTime
OpenProcess
GetVersionExA
GetModuleHandleA
GetDateFormatA
SizeofResource
LockResource
DeviceIoControl
GetCurrentProcess
LoadLibraryA
CloseHandle
WriteFile
GetFileSize
CreateFileA
DeleteCriticalSection
GetProfileStringW
VirtualProtect
CreateToolhelp32Snapshot
Process32First
SetEndOfFile
HeapSize
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LCMapStringW
LCMapStringA
GetSystemInfo
GetLocaleInfoA
VirtualQuery
InterlockedExchange
RtlUnwind
FlushFileBuffers
SetStdHandle
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
ReadFile
GetStartupInfoA
GetFileType
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetLastError
ExitProcess
GetProcAddress
TerminateProcess
SetFilePointer
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount

user32

GetSystemMetrics
TranslateMessage
GetPropA
UnregisterHotKey
SetFocus
RegisterClassExA
GetKeyNameTextA
GetWindowTextLengthA
GetClassInfoExA
CallWindowProcA
GetCursorPos
GetFocus
AppendMenuA
MapWindowPoints
CreateMenu
DestroyMenu
BeginPaint
OpenClipboard
InvalidateRect
PostMessageA
ValidateRect
BeginDeferWindowPos
DeferWindowPos
RegisterWindowMessageA

winspool.drv

ClosePrinter
OpenPrinterA
EnumPrintersA
DocumentPropertiesA

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e67f4a44924e37e60a440c1d10fa2563

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 40KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 40KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 1KB